<?PHP
    error_reporting(E_ALL ^ E_NOTICE);

    header('P3P: CP="ALL CURa ADMa DEVa TAIa OUR BUS IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC OTC"');

    if (!isset($set_time_limit)) $set_time_limit = 0;
	@set_time_limit($set_time_limit);

    define("__PLAYPLUS__", TRUE);

    if (isset($HTTP_POST_VARS) && !isset($_POST)) {
		$_POST   = &$HTTP_POST_VARS;
		$_GET    = &$HTTP_GET_VARS;
		$_SERVER = &$HTTP_SERVER_VARS;
		$_COOKIE = &$HTTP_COOKIE_VARS;
		$_ENV    = &$HTTP_ENV_VARS;
		$_FILES  = &$HTTP_POST_FILES;

		if (!isset($_SESSION))
			$_SESSION = &$HTTP_SESSION_VARS;
	}

    if( !get_magic_quotes_gpc() ) {
		if( is_array($_GET) ) {
			while( list($k, $v) = each($_GET) ) {
				if( is_array($_GET[$k]) ) {
					while( list($k2, $v2) = each($_GET[$k]) ) {
						$_GET[$k][$k2] = addslashes($v2);
					}
					@reset($_GET[$k]);
				} else {
					$_GET[$k] = addslashes($v);
				}
			}
			@reset($_GET);
		}

		if( is_array($_POST) ) {
			while( list($k, $v) = each($_POST) ) {
				if( is_array($_POST[$k]) ) {
					while( list($k2, $v2) = each($_POST[$k]) ) {
						$_POST[$k][$k2] = addslashes($v2);
					}
					@reset($_POST[$k]);
				} else {
					$_POST[$k] = addslashes($v);
				}
			}
			@reset($_POST);
		}

		if( is_array($_COOKIE) ) {
			while( list($k, $v) = each($_COOKIE) ) {
				if( is_array($_COOKIE[$k]) ) {
					while( list($k2, $v2) = each($_COOKIE[$k]) ) {
						$_COOKIE[$k][$k2] = addslashes($v2);
					}
					@reset($_COOKIE[$k]);
				} else {
					$_COOKIE[$k] = addslashes($v);
				}
			}
			@reset($_COOKIE);
		}
	}

	if ($_GET['ms_path'] || $_POST['ms_path'] || $_COOKIE['ms_path']) {
		unset($_GET['ms_path']);
		unset($_POST['ms_path']);
		unset($_COOKIE['ms_path']);
		unset($pp_path);
	}

	function xss_clean($data)
	{
		if(empty($data)) return $data;

		if(is_array($data)) {
			foreach($data as $key => $value) {
				$data[$key] = xss_clean($value);
			}

			return $data;
		}

		// http://svn.bitflux.ch/repos/public/popoon/trunk/classes/externalinput.php
		// +----------------------------------------------------------------------+
		// | Copyright (c) 2001-2006 Bitflux GmbH                                 |
		// +----------------------------------------------------------------------+
		// | Licensed under the Apache License, Version 2.0 (the "License");      |
		// | you may not use this file except in compliance with the License.     |
		// | You may obtain a copy of the License at                              |
		// | http://www.apache.org/licenses/LICENSE-2.0                           |
		// | Unless required by applicable law or agreed to in writing, software  |
		// | distributed under the License is distributed on an "AS IS" BASIS,    |
		// | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or      |
		// | implied. See the License for the specific language governing         |
		// | permissions and limitations under the License.                       |
		// +----------------------------------------------------------------------+
		// | Author: Christian Stocker <chregu@bitflux.ch>                        |
		// +----------------------------------------------------------------------+

        $data = str_replace(array('&amp;','&lt;','&gt;'), array('&amp;amp;','&amp;lt;','&amp;gt;'), $data);
        $data = preg_replace('/(&#*\w+)[\x00-\x20]+;/', '$1;', $data);
        $data = preg_replace('/(&#x*[0-9A-F]+);*/i', '$1;', $data);

        if (function_exists("html_entity_decode")) {
            $data = html_entity_decode($data);
        } else {
            $trans_tbl = get_html_translation_table(HTML_ENTITIES);
            $trans_tbl = array_flip($trans_tbl);
            $data = strtr($data, $trans_tbl);
        }

        $data = preg_replace('#(<[^>]+?[\x00-\x20"\'])(?:on|xmlns)[^>]*+>#i', '$1>', $data);
        $data = preg_replace('#([a-z]*)[\x00-\x20]*=[\x00-\x20]*([`\'"]*)[\x00-\x20]*j[\x00-\x20]*a[\x00-\x20]*v[\x00-\x20]*a[\x00-\x20]*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:#i', '$1=$2nojavascript...', $data);
        $data = preg_replace('#([a-z]*)[\x00-\x20]*=([\'"]*)[\x00-\x20]*v[\x00-\x20]*b[\x00-\x20]*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:#i', '$1=$2novbscript...', $data);
        $data = preg_replace('#([a-z]*)[\x00-\x20]*=([\'"]*)[\x00-\x20]*-moz-binding[\x00-\x20]*:#', '$1=$2nomozbinding...', $data);
        $data = preg_replace('#(<[^>]+?)style[\x00-\x20]*=[\x00-\x20]*[`\'"]*.*?expression[\x00-\x20]*\([^>]*+>#i', '$1>', $data);
        $data = preg_replace('#(<[^>]+?)style[\x00-\x20]*=[\x00-\x20]*[`\'"]*.*?behaviour[\x00-\x20]*\([^>]*+>#i', '$1>', $data);
        $data = preg_replace('#(<[^>]+?)style[\x00-\x20]*=[\x00-\x20]*[`\'"]*.*?s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:*[^>]*+>#i', '$1>', $data);
        $data = preg_replace('#</*\w+:\w[^>]*+>#i', '', $data);

        do {
            $old_data = $data;
            $data = preg_replace('#</*(?:applet|b(?:ase|gsound|link)|embed|frame(?:set)?|i(?:frame|layer)|l(?:ayer|ink)|meta|object|s(?:cript|tyle)|title|xml)[^>]*+>#i', '', $data);
        } while ($old_data !== $data);

        return $data;
    }

    $_GET = xss_clean($_GET);

    $ext_arr = array ('PHP_SELF', '_ENV', '_GET', '_POST', '_FILES', '_SERVER', '_COOKIE', '_SESSION', '_REQUEST',
                      'HTTP_ENV_VARS', 'HTTP_GET_VARS', 'HTTP_POST_VARS', 'HTTP_POST_FILES', 'HTTP_SERVER_VARS',
                      'HTTP_COOKIE_VARS', 'HTTP_SESSION_VARS', 'GLOBALS');
    $ext_cnt = count($ext_arr);
    for ($i=0; $i<$ext_cnt; $i++) {
        if (isset($_GET[$ext_arr[$i]]))
            unset($_GET[$ext_arr[$i]]);
    }

    @extract($_GET);
    @extract($_POST);
    @extract($_SERVER);

    $user   = array();
    $pp     = array();

    if (!$pp_path || preg_match("/:\/\//", $pp_path))
        die("<meta http-equiv='content-type' content='text/html; charset=utf-8'><script type='text/javascript'> alert('Variable is defined in the wrong way'); </script>");

    $pp['path'] = $pp_path;
    unset($pp_path);

    $pp['DOCUMENT_NAME']=explode("/", $_SERVER['DOCUMENT_ROOT']);
    $pp['DOCUMENT_NAME']=$pp['DOCUMENT_NAME'][2]."/".$pp['DOCUMENT_NAME'][3];

    include_once("/www/".$pp['DOCUMENT_NAME']."/config.php");
    include_once("/www/".$pp['DOCUMENT_NAME']."/lib/common.lib.php");
    include_once("/www/".$pp['DOCUMENT_NAME']."/lib/mysql.lib.php");

    $mysql = new mysql;
    $dbconfig_file = "dbconn.inc.php";
    if (!file_exists("$pp[inc_path]/$dbconfig_file")) {
        die("<meta http-equiv='content-type' content='text/html; charset=$pp[charset]'><script type='text/javascript'> alert('Database Connection File Not Exists'); </script>");
    } else {
        include_once("$pp[inc_path]/$dbconfig_file");
        $conn = $mysql->conn($pp['sql_host'], $pp['sql_user'], $pp['sql_passwd']);
        $seldb = $mysql->seldb($pp['sql_db'], $conn);

        if (!$seldb)
            die("<meta http-equiv='content-type' content='text/html; charset=$pp[charset]'><script type='text/javascript'> alert('Database Selection Error'); </script>");
    }

    session_save_path($pp['data_path']."/session");

	if (isset($SESSION_CACHE_LIMITER))
		@session_cache_limiter($SESSION_CACHE_LIMITER);
	else
		@session_cache_limiter("no-cache, must-revalidate");

	ini_set("session.cache_expire", 180);
	ini_set("session.gc_maxlifetime", 10800);
	ini_set("session.gc_probability", 1);
	ini_set("session.gc_divisor", 100);

	@session_start();

    if ($_SESSION['u_code']) {
        include_once("/www/".$pp['DOCUMENT_NAME']."/lib/member.lib.php");
        $member=new member;
        $user=$member->get($_SESSION['u_code']);
    }
?>